Description

I can backport security fixes for a while, but that's not ideal and we should plan the migration of node-based services to 10 (which also implies stretch as node10 has hard requirements on libraries only in stretch).

Services currently using nodejs:

restbase (jessie)

All the services on scb (jessie) (migration to Kubernetes in progress)

phabricator/aphlict (jessie, but stretch host exists(non-prod at this point)

proton (stretch)

parsoid (stretch)

etherpad-lite (jessie)

3d2png - thumbor (jessie/stretch)

node10 debs for stretch are available in the repository component "component/node10" , see T203239 for further details. After https://gerrit.wikimedia.org/r/477475service::node deploys the stretch nodejs10 component with the parameter use_nodejs10 set to true.

Does this mean he have a hard deadline of 2019-04-01 for completing the migrations? Or per the "I can backport security fixes for a while" we have a couple of more months? The current goal is that by July 2019 all scb services, restbase (and probably aqs as well), proton, parsoid will be in kubernetes. That will leave turnilo and aphlict I guess.

etherpad-lite is a whole story in its own as the software is in what I would call "maintenance mode". Docs say it requires node 6.9+ and recommends node 8.9+. Hopefully that means it's compatible with node10 but remains to be seen.

Does this mean he have a hard deadline of 2019-04-01 for completing the migrations? Or per the "I can backport security fixes for a while" we have a couple of more months?

No, it's not a hard deadline. I feel perfectly comfortable to backport fixes for longer. It's mostly a case of "Moritz was working on nodejs security updates, saw the EOL note, realised that goal planning is in progress, so seemed useful to start the discussion and make a task" :-)